Historically user network authentication has been trivially implemented. Most of authentication schemes rely on a username and password combination that uniquely identifies a user on a system.
There have been some attempts to improve and better secure authentication by the use of various biometric approaches, such as iris scans, retina scans, as well as fingerprints scans. Ultimately, most of these authentication systems were limited to single stage authentication, with both a user identifier and a biometric instead of a password, as the biometric was unique enough to provide a level of security.
Data breaches and other lapses of security have rendered trivial authentication obsolete and insecure. Higher levels of security and authentication are being sought to protect confidential user information.
Two factor authentication is growing in popularity. Two factor authentication requires authenticating users to provide two methods of authentication, usually in the form of the username and password combination plus another form of authentication. Some examples include automated telephone callbacks to known telephone numbers associated with the user, as well as digital fob generated keys that have been associated with the user.
As service providers are seeking to focus on their core business, there have been attempts to utilize third party authentication systems. These configurations utilize existing session cookie files from other websites, where authentication has already been performed, and the user's identity is not in question, thereby relying on the third party authentication system to allow access. These methods do not provide sufficient security as they depend on the (usually password-based) authentication performed previously by the service provider. Services that deal in highly confidential information, such as medical providers and financial institutions, would also prefer more mechanisms for secure authentication. A flexible and more robust method of performing authentication would be desirable.